🔥 Trending CVEs - Last 90 Days

A denial-of-service vulnerability exists in RustCrypto's SM2 public-key encryption implementation where untrusted ciphertext can trigger bounds-check ...

This vulnerability in Yonyou YonBIP allows attackers to bypass normal directory restrictions via path traversal in the LoginWithV8 interface, potentia...

A vulnerability in Hero Motocorp Vida V1 Pro 2.0.7 allows local attackers to cause denial of service via the Bluetooth Low Energy (BLE) component. Thi...

FluidSynth versions 2.4.6 and earlier contain a null pointer dereference vulnerability in fluid_synth_monopoly.c that can be triggered by loading a sp...

Vivotek IP7137 cameras with firmware version 0200a allow unauthenticated access to live RTSP video feeds on port 8554. This affects all users of these...

This CVE describes an unauthenticated SQL injection vulnerability in Zenitel products that allows attackers to inject SQL queries via GET request para...

This vulnerability allows external applications to bypass security controls and directly launch Gmail with inbox access by exploiting an exported Acti...

This vulnerability in OPEXUS eComplaint allows unauthenticated attackers to download sensitive files by guessing predictable charge numbers. It affect...

This CVE describes a PHP Local File Inclusion vulnerability in the G5Theme Handmade Framework WordPress plugin. Attackers can include arbitrary local ...

A vulnerability in Technitium DNS Server v13.5 allows remote attackers to trigger a denial of service condition by exploiting the rate-limiting compon...

This vulnerability in Insiders Technologies GmbH e-invoice pro allows remote attackers to cause denial of service via crafted scripts. The issue affec...

Mastodon's IP address filtering mechanism had incomplete coverage, allowing attackers to bypass protections against local network requests. This enabl...

CoreDNS servers running gRPC, HTTPS, or HTTP/3 protocols are vulnerable to denial-of-service attacks due to missing resource limits. Unauthenticated a...

A NULL pointer dereference vulnerability in Trend Micro Apex Central allows remote attackers to cause denial-of-service without authentication. This a...

An out-of-bounds read vulnerability in Trend Micro Apex Central allows remote attackers to cause denial-of-service conditions without authentication. ...

This vulnerability in the BulletProof Security WordPress plugin allows attackers to retrieve embedded sensitive data through information insertion int...

This path traversal vulnerability in the VidMov WordPress theme allows attackers to access files outside the intended directory using '.../...//' sequ...

This CVE describes a command injection vulnerability in pnpm package manager versions 6.25.0 through 10.26.2. Attackers who can control environment va...

This vulnerability in urllib3 allows a malicious server to cause excessive resource consumption on clients through decompression bombs in HTTP redirec...

A stack-based buffer overflow vulnerability in libtasn1 v4.20.0 allows attackers to execute arbitrary code or cause denial of service by exploiting im...

This CVE allows attackers to serve malicious code through HTTP tarball dependencies in pnpm packages. The lockfile fails to provide integrity verifica...

This CVE describes an uncontrolled format string vulnerability in Panda3D's egg-mkfont tool. Attackers can exploit the -gp command-line option to read...

This path traversal vulnerability in MediaWiki's CSS extension allows attackers to read arbitrary files on the server by manipulating file paths. It a...

OpenAirInterface CN5G AMF versions up to v2.0.1 contain a logical error in JSON request processing that allows unauthenticated remote attackers to sen...

CVE-2025-67364 is a critical path traversal vulnerability in fast-filesystem-mcp version 3.4.0 that allows attackers to bypass directory access restri...

CVE-2025-67366 is a critical path traversal vulnerability in @sylphxltd/filesystem-mcp v0.5.8 that allows attackers to bypass directory restrictions u...

OpenAirInterface CN5G AMF versions up to v2.1.9 have a buffer overflow vulnerability when processing NAS messages with overly long IMSI strings. Unaut...

The Reviewify WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or higher to create ar...

The Yoco Payments WordPress plugin contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files on the server...

This vulnerability in the Latest Registered Users WordPress plugin allows unauthenticated attackers to export complete user data (excluding passwords)...

The User Activity Log WordPress plugin up to version 2.2 contains an unauthenticated vulnerability that allows attackers to modify critical WordPress ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the VanKarWai Calafate WordPress theme. Attackers can include arbitrary local files thr...

CVE-2025-59379 is a blind SQL injection vulnerability in DwyerOmega Isensix ARMS 1.5.7 that allows attackers to extract sensitive database information...

CVE-2026-21507 is an infinite loop vulnerability in the CalcProfileID function of iccDEV's IccProfile.cpp. This allows attackers to cause denial of se...

This vulnerability in AIOHTTP allows denial-of-service attacks when Python optimizations are enabled and the application processes POST requests. Atta...

This vulnerability in AIOHTTP allows attackers to craft malicious requests that cause uncontrolled memory consumption in servers using Request.post() ...

AIOHTTP versions 3.13.2 and below are vulnerable to a zip bomb denial-of-service attack. An attacker can send specially crafted compressed requests th...

This CVE describes a path traversal vulnerability in Frappe web framework that allows attackers to read arbitrary files from the server due to insuffi...

CVE-2025-68428 is a path traversal vulnerability in jsPDF's Node.js builds that allows attackers to read arbitrary local files when user-controlled in...

This CVE describes a regular expression denial of service (ReDoS) vulnerability in Anthropic's MCP TypeScript SDK. Attackers can exploit this by sendi...

An unauthenticated Denial of Service vulnerability in evershop allows attackers to crash application servers by sending specially crafted SVG image re...

A vulnerability in Samsung Exynos processors allows incorrect handling of RRC (Radio Resource Control) packets, leading to denial of service. This aff...

This Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin allows attackers to execute malicious scripts in administrato...

MessagePack for Java versions before 0.9.11 contain a denial-of-service vulnerability where deserializing malicious .msgpack files with specially craf...

This authentication bypass vulnerability in Revotech I6032W-FHW devices allows attackers to access sensitive information and escalate privileges witho...

Vatilon v1.12.37-20240124 transmits user credentials in plaintext during authentication, allowing attackers to intercept login information. This affec...

This directory traversal vulnerability in Vatilon v1.12.37-20240124 allows attackers to access sensitive files and directories outside the intended we...

This CVE-2025-9110 vulnerability allows remote attackers to read sensitive system information from affected QNAP devices without authorization. Attack...

An integer underflow vulnerability in gpsd's NAVCOM packet parser causes a denial of service condition. When processing malicious packets, the parser ...